"Marriott Agrees $52m Settlement for Massive Data Breach"

Hotel giant Marriott has recently agreed to pay a $52m settlement to 50 US states for a large multi-year data breach impacting 131.5 million American customers.  It is estimated that 339 million guest records were exposed globally in the incident.  According to the Federal Trade Commission (FTC), attackers accessed the database undetected from July 2014 to September 2018.  The impacted records included guests’ personal details, a limited number of unencrypted passport numbers, and unexpired payment card information.  The agreement with the US states settles allegations by the attorney generals that Marriott violated state consumer protection laws and personal information protection laws and, where applicable, breached notification laws by failing to implement reasonable data security and remediate data security deficiencies.  Marriott has also agreed to strengthen its cybersecurity practices as part of the settlement.

Infosecurity Magazine reports: "Marriott Agrees $52m Settlement for Massive Data Breach"